A virtual machine (VM) is an abstraction of a physical computer that executes programs with some degree of isolation from the physical hardware and from other VMs running on the same physical machine. This isolation is provided by virtualization software running on the physical machine, which manages the physical resources and abstracts them for the VMs on the system. The term “virtualization software” herein refers to all software logically interposed between a VM and the underlying hardware resources. Typically, this includes a kernel for managing host resources and, for each VM, a virtual machine monitor (VMM) that presents emulated resources for guest code execution. In addition to managing and abstracting system resources, the virtualization software can also impose policy restrictions on the virtual machine, such as limiting where, when, and by whom the virtual machine can run, as well as limiting access to the VM's information by encrypting the software and data stored by the virtual machine. Such policy and access restrictions for a VM are described in U.S. patent application Ser. No. 11/522,172, entitled “Enforcing Restrictions Related to a Virtualized Computer Environment” and filed Sep. 14, 2006.
Software emulation is used for abstracting and sharing a physical wired (non-wireless) LAN network interface card (NIC) among a number of virtual machines running on a single computer system. In this case, the physical NIC is placed in “promiscuous mode,” meaning that it accepts every network packet it receives, regardless of whether the packet is addressed to the physical NIC's own MAC address. The received packets are passed to a virtual network switch implemented by the virtualization software, which directs each packet to the destination virtual NIC assigned to one of the virtual machines on the system. The virtual NICs are software emulations of NIC devices, and each virtual NIC has a unique MAC address that is distinct from the MAC addresses of the other virtual NICs and of the physical NIC. In essence, the virtualization software implements a virtual network connecting the virtual NICs with the physical NIC, which acts as a bridge or gateway to the outside world. It is also possible for the virtualization software to provide network address translation (NAT) capability.
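The forwarding behavior of such a virtual network switch, written out as an added illustration (this is not code from the application or from any particular product): a MAC-learning switch with one uplink port standing for the promiscuous-mode physical NIC and one port per virtual NIC. Because each virtual NIC is assigned a unique MAC address, the switch can also refuse guest frames whose source MAC is not the assigned one; the example shows why that check matters, since a guest that is allowed to forge its source MAC can poison the forwarding database and receive another guest's traffic. The port names, MAC addresses and frames are constructed for the example.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")   # IEEE 802.3 header: destination MAC, source MAC, EtherType
BROADCAST = b"\xff" * 6


def parse_ethernet(frame):
    """Split a raw frame into (dst, src, ethertype, payload); reject runt frames."""
    if len(frame) < ETH_HDR.size:
        raise ValueError("runt frame")
    dst, src, ethertype = ETH_HDR.unpack_from(frame)
    return dst, src, ethertype, frame[ETH_HDR.size:]


def build_ethernet(dst, src, ethertype, payload):
    return ETH_HDR.pack(dst, src, ethertype) + payload


def is_group_address(mac):
    """Broadcast and multicast MACs have the I/G bit (bit 0 of the first octet) set."""
    return bool(mac[0] & 0x01)


class VirtualSwitch:
    """Learning switch that joins virtual NICs to one physical uplink NIC.

    The uplink port stands for the physical NIC in promiscuous mode: every frame
    seen on the wire is handed to receive() on that port.  Each virtual NIC port
    records the MAC the virtualization software assigned to it.  Unless
    forged_transmits is True, a guest frame whose source MAC differs from the
    assigned MAC is dropped, which prevents one guest from hijacking another
    guest's traffic by poisoning the forwarding database.
    """

    def __init__(self, uplink="pnic", forged_transmits=False):
        self.uplink = uplink
        self.forged_transmits = forged_transmits
        self.ports = {uplink: None}     # port name -> assigned MAC (None for the uplink)
        self.delivered = {uplink: []}   # port name -> frames delivered to that port
        self.fdb = {}                   # forwarding database: source MAC -> port learned on
        self.dropped = []               # (port, frame) pairs rejected as forged

    def add_vnic(self, name, mac):
        if mac in self.ports.values():
            raise ValueError("virtual NIC MACs must be unique on the virtual switch")
        self.ports[name] = mac
        self.delivered[name] = []

    def receive(self, in_port, frame):
        """Forward one frame arriving on in_port; return the list of egress ports."""
        dst, src, _, _ = parse_ethernet(frame)
        assigned = self.ports[in_port]
        if assigned is not None and src != assigned and not self.forged_transmits:
            self.dropped.append((in_port, frame))
            return []
        self.fdb[src] = in_port         # learn which port this source MAC lives behind
        if is_group_address(dst) or dst not in self.fdb:
            egress = [p for p in self.ports if p != in_port]   # flood, uplink included
        elif self.fdb[dst] == in_port:
            egress = []                 # destination is behind the ingress port: drop
        else:
            egress = [self.fdb[dst]]
        for port in egress:
            self.delivered[port].append(frame)
        return egress


# Constructed addresses for the example: two virtual NICs and one host on the wire.
MAC_VM1 = bytes.fromhex("005056000001")
MAC_VM2 = bytes.fromhex("005056000002")
MAC_EXT = bytes.fromhex("001122334455")

if __name__ == "__main__":
    sw = VirtualSwitch()
    sw.add_vnic("vm1", MAC_VM1)
    sw.add_vnic("vm2", MAC_VM2)
    print(sw.receive("vm1", build_ethernet(MAC_EXT, MAC_VM1, 0x0800, b"ping")))   # flooded
    print(sw.receive("pnic", build_ethernet(MAC_VM1, MAC_EXT, 0x0800, b"pong")))  # ['vm1']
    print(sw.receive("vm2", build_ethernet(MAC_EXT, MAC_VM1, 0x0800, b"spoof")))  # [] (forged)
```

With forged transmits permitted, the same spoofed frame from vm2 re-learns MAC_VM1 behind vm2, so the next reply from the wire addressed to vm1 is delivered to vm2 instead; the enforcement in receive() is the virtual-switch-side control that the unique per-vNIC MAC assignment makes possible.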
In typical implementations of virtual networking devices, the physical NIC is controlled exclusively by the virtualization software. Guest virtual machines interact with the physical NIC only as a gateway or bridge through which to send network packets to the outside world. These packets typically conform to IEEE 802.3 (e.g., “Ethernet™”) standards, which define a frame format but provide no control path to the underlying device. That is, there is only a data path, and no control path, between the guest virtual machines and the physical device. Since wireless devices require additional user control (e.g., to scan for, select, and authenticate to an access point), current implementations of device virtualization are not suitable for wireless devices. As a result, a user of the VM may not be able to take advantage of the wireless capabilities of the host device. For example, the user may not be able to select a wireless network through the interface provided by the guest operating system running inside the VM. In a managed VM, where access to the host operating system may be limited, this results in an inability to use wireless devices at all.
One approach to controlling devices generally includes using a peripheral component interconnect (PCI) passthrough connection between a guest virtual machine and a physical device. In this case, the I/O (input/output) messages from the guest driver are communicated directly to and from the physical device on the host without any device emulation. This approach is simple to implement for any PCI device and provides a low-overhead mechanism (in terms of resource requirements) for giving a guest virtual machine control over the device. However, because the host lacks visibility into the state of the physical device while it is controlled by the guest operating system, this approach prevents the host from serializing or deserializing the device's state, which is necessary for migrating the virtual machine or for taking virtual machine checkpoints or snapshots. In addition, PCI passthrough requires that guest physical memory pages (that is, memory pages that the guest operating system views as physical memory but that the host virtualization software redirects to actual physical memory) be pinned by the host, so that the guest operating system cannot program the wireless device to write to a swapped-out page of memory using direct memory access (DMA). If that were to happen, an IOMMU (I/O memory management unit) page fault would occur, which is costly (in terms of performance) to recover from.
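The pinning requirement, shown with an added toy model that is not code from the application or from any hypervisor: guest physical pages are either resident in host memory with an IOMMU translation or swapped out by the host with the translation torn down. A CPU-side guest access to a swapped-out page is faulted back in transparently by the host, but a device DMA does not pass through the host, so a DMA to an unmapped page surfaces as an IOMMU fault. Pinning the page beforehand is what keeps the host from reclaiming it. The page size, page numbers and packet payload are constructed for the example.

```python
PAGE = 4096


class IommuFault(Exception):
    """Device DMA targeted a guest-physical page with no valid IOMMU translation."""


class GuestPhysicalMemory:
    """Toy model of guest-physical pages, their host backing, and the IOMMU between.

    Pages are keyed by guest physical frame number (gpfn).  A page is either
    resident (present in `backing`, with a translation in `iommu`) or swapped out
    by the host (its contents parked in `swapped`, translation removed).  Pinning
    forces a page resident and forbids host_swap_out() from reclaiming it.
    """

    def __init__(self, num_pages):
        self.backing = {gpfn: bytearray(PAGE) for gpfn in range(num_pages)}
        self.swapped = {}
        self.pinned = set()
        self.iommu = set(self.backing)          # gpfns that currently have a translation

    def _fault_in(self, gpfn):
        if gpfn in self.swapped:
            self.backing[gpfn] = self.swapped.pop(gpfn)
            self.iommu.add(gpfn)

    def pin(self, gpfn):
        """Make the page resident and keep it so (what passthrough demands of the host)."""
        self._fault_in(gpfn)
        self.pinned.add(gpfn)

    def unpin(self, gpfn):
        self.pinned.discard(gpfn)

    def host_swap_out(self, gpfn):
        """Host tries to reclaim the page; returns False when pinning forbids it."""
        if gpfn in self.pinned:
            return False
        if gpfn in self.backing:
            self.swapped[gpfn] = self.backing.pop(gpfn)
            self.iommu.discard(gpfn)            # the translation goes away with the page
        return True

    def device_dma_write(self, gpa, data):
        """Device DMA to guest-physical address gpa, checked only by the IOMMU.

        The host is not on this path, so nothing can fault the page back in:
        an unmapped page is an IOMMU fault rather than a transparent page-in.
        """
        gpfn, offset = divmod(gpa, PAGE)
        if offset + len(data) > PAGE:
            raise ValueError("this model keeps each DMA within one page")
        if gpfn not in self.iommu:
            raise IommuFault(f"no translation for gpfn {gpfn:#x}")
        self.backing[gpfn][offset:offset + len(data)] = data

    def guest_read(self, gpa, length):
        """CPU-side guest access: the host faults a swapped-out page back in first."""
        gpfn, offset = divmod(gpa, PAGE)
        self._fault_in(gpfn)
        return bytes(self.backing[gpfn][offset:offset + length])


def dma_rx_buffer(mem, gpa, payload, pin_first):
    """Simulate a passthrough NIC landing a received packet in a guest RX buffer.

    Between the guest posting the buffer and the packet arriving, the host comes
    under memory pressure and tries to reclaim the page.  Returns 'ok' or
    'iommu-fault' depending on whether the page was pinned beforehand.
    """
    gpfn = gpa // PAGE
    if pin_first:
        mem.pin(gpfn)
    mem.host_swap_out(gpfn)
    try:
        mem.device_dma_write(gpa, payload)
    except IommuFault:
        return "iommu-fault"
    return "ok"


if __name__ == "__main__":
    mem = GuestPhysicalMemory(8)
    print(dma_rx_buffer(mem, 3 * PAGE + 64, b"packet", pin_first=False))  # iommu-fault
    print(dma_rx_buffer(mem, 5 * PAGE + 64, b"packet", pin_first=True))   # ok
```

Because the host cannot predict which guest pages a passthrough device will be programmed to access, it has to pin all of the guest's memory up front, which is why passthrough also forfeits the memory overcommit that emulated devices allow.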
Another approach for controlling a PCI device is exemplified by the single root I/O virtualization (SR-IOV) specification developed by the industry consortium Peripheral Component Interconnect Special Interest Group (PCI-SIG). The SR-IOV specification provides for a physical device with built-in support for a plurality of virtual functions, each of which may be assigned to a different virtual machine and accessed directly by that virtual machine without any need for emulation by the virtualization layer. In this way, a single SR-IOV compliant device can appear as many different devices. This approach requires an SR-IOV compliant device, and such devices are not readily available, particularly for wireless communications in notebook or laptop computers.
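A practical check for whether a given physical NIC offers SR-IOV virtual functions, as an added example that is not code from the application: on Linux, each PCI function directory under /sys/bus/pci/devices/<BDF>/ of an SR-IOV physical function carries a sriov_totalvfs attribute (VF capacity), a sriov_numvfs attribute (VFs currently enabled) and virtfnN symlinks pointing at the VF devices; functions without sriov_totalvfs are not SR-IOV physical functions. The directory tree the example builds is constructed data standing in for a host with one non-SR-IOV wireless NIC and one SR-IOV capable wired NIC; the device addresses in it are made up.

```python
import os
import tempfile


def _read_int(path):
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (FileNotFoundError, ValueError):
        return None


def sriov_inventory(pci_devices="/sys/bus/pci/devices"):
    """Map each SR-IOV physical function (by BDF) to its VF capacity and enabled VFs.

    Relies on the per-device sysfs attributes Linux exposes: sriov_totalvfs,
    sriov_numvfs and the virtfnN symlinks.  Pass a different root to inspect a
    constructed tree instead of the live system.
    """
    inventory = {}
    for bdf in sorted(os.listdir(pci_devices)):
        dev = os.path.join(pci_devices, bdf)
        total = _read_int(os.path.join(dev, "sriov_totalvfs"))
        if total is None:
            continue                     # not an SR-IOV physical function
        enabled = _read_int(os.path.join(dev, "sriov_numvfs")) or 0
        links = [e for e in os.listdir(dev)
                 if e.startswith("virtfn") and os.path.islink(os.path.join(dev, e))]
        links.sort(key=lambda e: int(e[len("virtfn"):]))   # numeric, so virtfn10 follows virtfn9
        vfs = [os.path.basename(os.readlink(os.path.join(dev, e))) for e in links]
        inventory[bdf] = {"total_vfs": total, "enabled_vfs": enabled, "vfs": vfs}
    return inventory


def make_constructed_sysfs():
    """Build a throwaway tree mimicking two PCI functions (constructed example data)."""
    root = tempfile.mkdtemp(prefix="example-pci-")
    # 0000:02:00.0: a notebook wireless NIC with no SR-IOV capability
    os.makedirs(os.path.join(root, "0000:02:00.0"))
    # 0000:05:00.0: a wired NIC that is an SR-IOV physical function, 2 of 8 VFs enabled
    pf = os.path.join(root, "0000:05:00.0")
    os.makedirs(pf)
    with open(os.path.join(pf, "sriov_totalvfs"), "w") as f:
        f.write("8\n")
    with open(os.path.join(pf, "sriov_numvfs"), "w") as f:
        f.write("2\n")
    for i, vf in enumerate(["0000:05:10.0", "0000:05:10.2"]):
        os.makedirs(os.path.join(root, vf))
        os.symlink(os.path.join("..", vf), os.path.join(pf, f"virtfn{i}"))
    return root


if __name__ == "__main__":
    for bdf, info in sriov_inventory(make_constructed_sysfs()).items():
        print(bdf, info)
```

Run against the real sysfs root, the function lists only physical functions that advertise VFs; a wireless adapter in a notebook will normally not appear at all, which is the availability gap the paragraph describes.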